OT ? : Active Directory Authentication with Perl, Mod

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I already have a (intranet only) site powered by CGI::Application, running on Apache/2.0.55 on SunOS 5.10, using perl 5.8.8 compiled from source using GCC. Everything so far works perfectly, we compiled perl from source to avoid messing with the perl compiled with the sun workshop compiler that the OS uses.

Now we require to make a change to the apache config so that authenticates with the local Windows Active Directory, and only lets people in if they are the member of a particular group. From what I have read so far we need to be using mod_perl, and some sort of authen_ldap module.

Does this mean I have to rebuild apache with perl or something? Does anyone have links to any examples of this sort of configuration or tutorials? Is there a better way to do this?

Anyone help explain these topics in laymans terms would be great, I feel out of my depth. Tia

Comment on OT ? : Active Directory Authentication with Perl, Mod_Perl and Apache

Replies are listed 'Best First'.
Re: OT ? : Active Directory Authentication with Perl, Mod_Perl and Apache by eric256 (Parson) on Mar 11, 2008 at 18:49 UTC
I use the following HTTP conf to restrict access to my Trac SVN repo `<Location /svn> DAV svn SVNParentPath /projects/svn Order allow,deny Allow from all AuthType Basic AuthName "Trac" AuthBasicProvider "ldap" AuthLDAPURL "ldap://domain.com:389/DC=domain,DC=com?sAMAccountName? +sub?(objectClass=*)" AuthLDAPBindDN "user@domain.com" AuthLDAPBindPassword "password" authzldapauthoritative Off require ldap-group CN=Trac,CN=Users,DC=domain,DC=com </Location>` [download] I don't think you need perl at all for this aspect. I do also have a perl script that uses LDAP for authentication but its not to protect a website. ___________ Eric Hodges	[reply] [d/l]
Re^2: OT ? : Active Directory Authentication with Perl, Mod_Perl and Apache by Anonymous Monk on Mar 12, 2008 at 10:32 UTC
Hi, this is interesting, thanks. Do I need to have mod_perl or apache configured in a special way? Does Apache support LDAP "out of the box"? Thanks again	[reply]
Re^3: OT ? : Active Directory Authentication with Perl, Mod_Perl and Apache by almut (Canon) on Mar 12, 2008 at 11:09 UTC
Using Google, getting answers to such questions often is a matter of seconds. The reply by eric256 contained several suitable keywords to craft a search, e.g. http://www.google.com/search?q=authzldapauthoritative (choose a word that looks sufficiently specific to the issue...). The first hit is a link to the Apache auth module `mod_authnz_ldap` on the `httpd.apache.org` site, which has lots of other info around configuring Apache.	[reply] [d/l] [select]